Vulnerabilities and security researches forsimple-payment simple-payment

Dec 15, 2024

CVE, Research URL: CVE-2024-54303
Home page URL: Security reports for Simple Payment
Application: Simple Payment
Date: Dec 13, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky / yalla ya! Simple Payment allows Reflected XSS.This issue affects Simple Payment: from n/a through 2.3.7.
Affected versions: Min -, max -.
Status: vulnerable

Jun 29, 2025

CVE, Research URL: CVE-2025-6688
Home page URL: Security reports for Simple Payment
Application: Simple Payment
Date: Jun 27, 2025
Research Description: The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.
Affected versions: Min -, max -.
Status: vulnerable